Risk aware Access Control model for Trust Based collaborative organizations in cloud


  • Rajanikanth Aluvalu
  • Krishna Keerthi Chennam
  • M. A.Jabbar
  • Shaik Sarfaraz Ahamed






Cloud computing, trust model, access control, collaborative systems, security policy, trust management


Secure interactions between collaborative organizations having their applications and data stored in “Cloud Computing†are a critical issue. Access control is the biggest challenge and trust is regarded as an essential secured relationship within a distributed system. Basic access control models, like Discretionary Access Control, Mandatory Access Control, and Role Based Access Control, cannot satisfy requirements in such environment, and need some improvements. During the collaboration, the attitude of the user may change. Therefore, in this context, adding trust management to an access control model is mandatory. To achieve this goal, in this paper, a new trust model to control access in the cloud is proposed. The aim is to monitor in real-time security for collaborative organizations, having decided to migrate to the cloud.




[1] R. Sandhu, P. Samarati, “Access control: principles and practiceâ€, IEEE Communications Magazine, vol. 32(9), 1994, pp. 40-48.J. Clerk Maxwell, A Treatise on Electricity and Magnetism, 3rd ed., vol. 2. Oxford: Clarendon, 1892, pp.68-73.

[2] Aluvalu RajaniKanth and Lakshmi Muddana. "A Survey on Access Control Models in Cloud Computing." Emerging ICT for Bridging the Future-Proceedings of the 49th Annual Convention of the Computer Society of India (CSI) Volume 1. Springer International Publishing, 2015.

[3] M. J. Covington, P. Fogla, Z. Zhan, M. Ahamad, “A context-aware security architecture for emerging applicationsâ€, in Proc. 18th Annual Computer Security Applications Conference (ACSAC '02), Washington DC., 2002, pp. 249, IEEE Computer Society.

[4] Pau-Chen Cheng, P. Rohatgi, C. Keser, P.A. Karger, G.M. Wagner, and A.S. Reninger. “Fuzzy multi-level security: An experiment on quantified risk-adaptive access controlâ€. In Security and Privacy, 2007., pages 222 –230, may 2007.

[5] S-. Chae, W. Kim, D-. Kim, “Role-based access control model for ubiquitous computing environmentâ€, Information Security Applications, vol. 3786, February 2006, Springer Berlin / Heidelberg, pp. 354-363.

[6] Khalid Zaman Bijon, Ram Krishnan, and Ravi Sandhu.†Towards an attribute based constraints specfication languageâ€. In Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Conference on Social Computing (SocialCom).

[7] Langaliya, Chirag, and Rajanikanth Aluvalu. "Enhancing cloud security through access control models: A survey." International Journal of Computer Applications 112.7 (2015).

[8] L Chen and J Crampton. “Risk-aware role-based access controlâ€. In 7th International Workshop on Security and Trust Management, 2011.

[9] Liang Chen, Luca Gasparini, and Timothy J Norman. “XACML and risk-aware access controlâ€. Resource, 2(10):3–5, 2013.

[10] Pau-Chen Cheng, P. Rohatgi, C. Keser, P.A. Karger, G.M. Wagner, and A.S. Reninger. “Fuzzy multi-level security: An experiment on quantified risk-adaptive access controlâ€. In Security and Privacy, 2007., pages 222 –230, may 2007.

[11] Qun Ni, Elisa Bertino, and Jorge Lobo. “Risk-based access control systems built on fuzzy inferencesâ€. ASIACCS ’10, pages 250–260, New York, NY, USA, 2010. ACM.

[12] S. Kandala, R. Sandhu, and V. Bhamidipati. “An attribute based framework for risk-adaptive access control modelsâ€. In Avail., Reliab. and Sec. (ARES), aug. 2011.

[13] Ian Molloy, Luke Dickens, Charles Morisset, Pau-Chen Cheng, Jorge Lobo, and Alessandra Russo. “Risk-based security decisions under uncertaintyâ€. CODASPY ’12, 2012.

[14] Goyal, V., Pandey, O., Sahai, A. and Waters, B., 2006, October. “Attribute-based encryption for fine-grained access control of encrypted dataâ€. InProceedings of the 13th ACM conference on Computer and communications security (pp. 89-98). Acm.

[15] Bethencourt, J., Sahai, A., Waters, B.: “Ciphertext-policy attribute-based encryptionâ€. In: Proceedings of the IEEE Symposium on Security and Privacy (2007).

[16] Vanraj Kamliya and Rajnikanth Aluvalu. Article: A Survey on Hierarchical Attribute Set based Encryption (HASBE) Access Control Model for Cloud Computing. International Journal of Computer Applications 112(7):4-7, February 2015.

[17] Bijon, Khalid Zaman, Ram Krishnan, and Ravi Sandhu. "A framework for risk-aware role based access control." Communications and Network Security (CNS), 2013 IEEE Conference on. IEEE, 2013.

[18] Karthick, A. V., E. Ramaraj, and R. Ganapathy Subramanian. "An efficient multi queue job scheduling for cloud computing." Computing and Communication Technologies (WCCCT), 2014 World Congress on. IEEE, 2014.

View Full Article: